Videos uploaded by user “Sameer Pasha”
UEFI Linux Secure Boot Kernel Signing and Verification demo
Comments, Suggestions, please reach out to me at: www.linkedin.com/in/sameer-pasha-7aba6393 UEFI secure boot Kernel Digital Signing and Verification. Commands: openssl req -new -x509 -newkey rsa:2048 -subj "/CN=DB_Key/" -keyout Private_DB_Key.key -out Public_DB_Cert.crt -days 365 -nodes -sha256 sbsign --key Private_DB_Key.key --cert Public_DB_Cert.crt --output bzImage.signed bzImage openssl x509 -in Public_DB_Cert.crt -outform der -out Public_DB_Cert.der Create a disk: guestfish allocate disk1.img 100MB run part-disk /dev/sda mbr mkfs vfat /dev/sda1 mount /dev/sda1 / copy-in bzImage_Unsigned.bin / copy-in initrd.img / quit Launch Qemu and Linux: qemu-system-x86_64 -bios uefi.bin -hda disk1.img -m 2048 -smp 2 -M pc-i440fx-2.0 -enable-kvm -net none UEFI Signature verification code: DxeImageVerificationLib.c
Views: 2290 Sameer Pasha
Keys and Digital Certificates
Brief on Symmetric and Asymmetric Keys Digital Certificates - X.509 and GPG Commands to generate asymmetric keys and digital certificate. X.509 commands: Key Pair Creation: openssl req -new -x509 -newkey rsa:2048 -keyout Private.key -out Public.crt -days 365 -nodes -sha256 Dump Private key contents: openssl rsa -in Private.key -noout –text Dump public key contents: openssl x509 -in Public.crt -noout -text GPG Commands: Key pair creation: gpg --gen-key List gpg keys: gpg --list-keys Dump key contents: gpg -a --export key-name | gpg --list-packets --debug 0x02 Reach me at Linkedin for comments/suggestions: www.linkedin.com/in/sameer-pasha-7aba6393
Views: 1250 Sameer Pasha
Packaging Digital Signatures
For comments/suggestions, please reach me at: www.linkedin.com/in/sameer-pasha-7aba6393 This video describes various methods of packaging digital signatures. NOTE: Replace ANGLE_BRACKET with greater-sign in below. Signature Envelope Generation: openssl smime -sign -in Plaintext.txt -signer PK.crt -inkey PK.key ANGLE_BRACKET Signed-Plaintext.txt openssl smime -verify -in Signed-Plaintext.txt -signer PK.crt -noverify ================ PECoff / EFI File signature appending: sbsign --key PK.key --cert PK.crt --output HW_Signed.efi HW_Unsigned.efi sbverify --cert PK.crt HW_Signed.efi =============== RPM Signature inserted before header: rpm -Kv hello.rpm rpm --define "_gpg_name Acme Corp" --addsign hello.rpm ============== Detached Signatures: openssl smime -sign -binary -in Plaintext.txt -signer PK.crt -inkey PK.key -outform der -out file.p7b openssl smime -verify -binary -inform der -in file.p7b -content Plaintext.txt -noverify =============
Views: 398 Sameer Pasha
Hashing Encryption Decryption Digital Signature Signing Verification Openssl Pkcs7
Reach me at linked in: www.linkedin.com/in/sameer-pasha-7aba6393 This video briefs on encryption, decryption and generating as well as verifying digital signatures. ============= NOTE: Replace GREATER-ARROW with angle-bracket below, as angle-brackets are not allowed in description. Commands used: Generate hash: md5sum Plaintext.txt gcc hash_func.c -lcrypto Encrypt a file: openssl enc -aes-128-cbc -in Plaintext.txt -K ABCDEF12345 -iv ABCDEF GREATER-ARROW Cipher.txt Decrypt a file: openssl enc -d -aes-128-cbc -in Cipher.txt -K ABCDEF12345 -iv ABCDEF Generate a detached signature: openssl smime -binary -sign -in Plaintext.txt -signer PK.crt -inkey PK.key -outform pem -out file.p7b Dump signature contents: openssl asn1parse -in file.p7b -dump -i ==== Generating digital-signature: sha1sum Plaintext.txt | cut -d ' ' -f 1 GREATER-ARROW hash openssl enc -aes-128-cbc -in hash -K ABCDEF12345 -iv ABCDEF GREATER-ARROW Signature.bin Verifying digital-signature: sha1sum Plaintext.txt | cut -d ' ' -f 1 GREATER-ARROW hash_1 openssl enc -d -aes-128-cbc -in Signature.bin -K ABCDEF12345 -iv ABCDEF GREATER-ARROW hash_2 cat hash_1 cat hash_2
Views: 1916 Sameer Pasha
Secure Storage Cryptographic Hardware Assist Atmel Heartbleed
A brief on Secure Storage. Reach me at: www.linkedin.com/in/sameer-pasha-7aba6393 Device shown: Atmel-8914-CryptoAuth-ATAES132A
Views: 102 Sameer Pasha